Table of Contents
Advertisement
Network and Security Manager Administration Guide
Setting Target Security Devices for APE Rules
Entering Comments for APE Rules
Configuring Exempt Rules
Adding the Exempt Rulebase
480
For each rule in the APE rulebase, you can select the security device on which the rule is
installed. When you install the security policy that the rule belongs to, the rule becomes
active only on the devices you selected in the Install On column of the rulebase.
NOTE: NSM supports APE only on standalone IDP devices running IDP release 5.0.
You can enter notations about the rule in the Comments column. Anything you enter in
the Comments column is not pushed to the target devices. To enter a comment, right-click
the Comments column and select Edit Comments. The Edit Comments dialog box
appears. You can enter up to 1024 characters in the Comments field.
The Exempt rulebase works in conjunction with the IDP rulebase. Before you can create
exempt rules, you must first create rules in the IDP rulebase. If traffic matches a rule in
the IDP rulebase, IDP attempts to match the traffic against the Exempt rulebase before
performing the specified action or creating a log record for the event.
NOTE: If you delete the IDP rulebase, the Exempt rulebase is also deleted.
You might want to use an exempt rule when an IDP rule uses an attack object group that
contains one or more attack objects that produce false positives or irrelevant log records.
To prevent unnecessary alarms, you might want to use an exempt rule to exclude a
specific source, destination, or source/destination pair from matching an IDP rule.
When you create an exempt rule, you must specify the following:
Source and destination for traffic you want to exempt. You can set the source or
destination to "any" to exempt network traffic originating from any source or sent to
any destination. You can also specify "negate" to specify all sources or destinations
except the specified addresses.
The attacks you want IDP to exempt for the specified source/destination addresses.
You must include at least one attack object in an exempt rule.
NOTE: The Exempt rulebase is a non-terminal rulebase. That is, IDP attempts to match
traffic against all rules in the Exempt rulebase and all matches are executed.
Before you can configure a rule in the Exempt rulebase, you need to add the Exempt
rulebase to a security policy.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
